Results 1 to 23 of 23

Thread: Hijacking a 'smart' amp during a gig

  1. #1

    Default Hijacking a 'smart' amp during a gig

    This could make for some unexpectedly unique gigs. Quick quote from The Register:

    "Guitar amp manufacturer Fender's recently-introduced Mustang GT 100 guitar amplifier can be made to play whatever audio an attacker fancies, security researchers have discovered.

    "The amp allows Bluetooth connections, but without pairing security. Anyone within range could therefore "stream arbitrary audio to it and hijack your amp output", security researcher Chris Pritchard of Pen Test Partners (PTP) reported.

    "The device - marketed towards gigging musicians - is trivially easy to hack, as a video put together by PTP (below) demonstrates." ...

    (or direct link)

    The PTP article cited above has lots more to say, including this:

    "The Bluetooth ID is 'Mustang GT', though anyone using this amp to play live would be well advised to turn Bluetooth off.... Of course, that then stops you using the smart features that are the key to this amp..."

  2. #2
    Registered User
    Join Date
    Jun 2005
    Location
    High Peak - UK
    Posts
    2,152

    Default Re: Hijacking a 'smart' amp during a gig

    Some years ago we were setting up for a show in the UK and the roadie on stage was messing around testing the levels of the vocal mics. You know the sort of thing - 1-2; 1-2; 68; 32; 45; 99......

    A couple of minutes into the check, the rear door of the theatre burst open and the unanounced visitor said "Are you using a radio mic.? Only I'm the bingo caller from over the road and it's braking through my sound system"

    (Thought - Do our US friends know about Bingo?)

  3. The following members say thank you to Ray(T) for this post:

    JL277z 

  4. #3
    Registered User
    Join Date
    Jan 2009
    Location
    S.W. Wisconsin
    Posts
    4,070

    Default Re: Hijacking a 'smart' amp during a gig

    B42, I17 Yes we know about Bingo. Bingo, Bingo, Bingo and Bingo was his name 0.
    THE WORLD IS A BETTER PLACE JUST FOR YOUR SMILE!

  5. The Following 2 Users Say Thank You to pops1 For This Useful Post:


  6. #4
    Registered User
    Join Date
    Mar 2003
    Location
    Columbus, GA
    Posts
    775

    Default Re: Hijacking a 'smart' amp during a gig

    I think Fender's money could be better spent in other areas.
    David Hopkins

    Breedlove Legacy FF; Breedlove Quartz FF
    Gibson F-4, (1916)
    McCormick Oval Sound Hole "Reinhardt"
    McCormick Solid Body F-Style Electric;
    Recording King Resophonic Mandolin; Slingerland Songbird Guitar (c. 1939)

    The older I get, the less tolerant I am of political correctness, incompetence and stupidity.

  7. #5
    Registered User foldedpath's Avatar
    Join Date
    May 2007
    Location
    Pacific Northwest, USA
    Posts
    4,531

    Default Re: Hijacking a 'smart' amp during a gig

    Quote Originally Posted by DHopkins View Post
    I think Fender's money could be better spent in other areas.
    They're just following Gibson, Line6 and the rest down the digital rabbit hole.

    They'd be better off in the long-term, finding a way to recreate the classic WW2 and post-war tech NOS vacuum tubes for their amps, instead of cheap modern substitutes. Well, a person can dream anyway...

  8. #6
    Registered User
    Join Date
    Mar 2003
    Location
    Columbus, GA
    Posts
    775

    Default Re: Hijacking a 'smart' amp during a gig

    Quote Originally Posted by foldedpath View Post
    They're just following Gibson, Line6 and the rest down the digital rabbit hole.
    Okay, I think the money could be better spent by "Gibson, Line 6 and the rest."
    David Hopkins

    Breedlove Legacy FF; Breedlove Quartz FF
    Gibson F-4, (1916)
    McCormick Oval Sound Hole "Reinhardt"
    McCormick Solid Body F-Style Electric;
    Recording King Resophonic Mandolin; Slingerland Songbird Guitar (c. 1939)

    The older I get, the less tolerant I am of political correctness, incompetence and stupidity.

  9. #7
    Cambridge Mandolinist Daniel Nestlerode's Avatar
    Join Date
    Mar 2004
    Location
    Cambridgeshire
    Posts
    1,788
    Blog Entries
    81

    Default Re: Hijacking a 'smart' amp during a gig

    Yes, Ray. They do Bingo in the US. But it's stereo-typically the domain of OAP's. They have no idea how serious people who play bingo here in the UK take their bingo nights. (I have only just learned this myself after having been a resident in the UK since 2012!)

    So a disturbance to a radio mic'd bingo caller will result in a room full of angry people!

    Daniel

  10. The following members say thank you to Daniel Nestlerode for this post:

    JL277z 

  11. #8
    Registered User Eric Platt's Avatar
    Join Date
    Jan 2009
    Location
    St. Paul, MN
    Posts
    463

    Default Re: Hijacking a 'smart' amp during a gig

    This doesn't surprise me. While not a Fender, do have a Mackie Freeplay portable PA system. A great feature is the Bluetooth mixing board and effects. Even here, there is no password or encryption. It would be to hack. Am going to keep using it because the benefits far outweigh that one disadvantage.

    As to the Fender digital - I like it. They have done a fine job of catching sounds, especially reverb, with their digital modeling. If I ever got rid of my early Roland Cube amp, would be buying one of the Fender models.
    1910 Gibson A, 1929 Gibson A Jr., 2018 Eastman MDO-305, 2018 Big Muddy MW-0, ca. 2000 Breedlove Cascade
    http://ericplatt.weebly.com/
    https://www.facebook.com/LauluAika/

  12. The following members say thank you to Eric Platt for this post:

    JL277z 

  13. #9
    but that's just me Bertram Henze's Avatar
    Join Date
    Jun 2005
    Location
    0.8 pc from NGC224, upstairs
    Posts
    9,472

    Default Re: Hijacking a 'smart' amp during a gig

    I wouldn't worry about being hacked at the gig. You'll never even arrive, because somebody reprogrammed your autonomous car to take you to some dark neighborhood where they will relieve you of all your pesky heavy equipment...
    the world is better off without bad ideas, good ideas are better off without the world

  14. The Following 2 Users Say Thank You to Bertram Henze For This Useful Post:

    JL277zNevin 

  15. #10

    Default Re: Hijacking a 'smart' amp during a gig

    Quote Originally Posted by Ray(T) View Post
    Some years ago we were setting up for a show in the UK and the roadie on stage was messing around testing the levels of the vocal mics. You know the sort of thing - 1-2; 1-2; 68; 32; 45; 99......

    A couple of minutes into the check, the rear door of the theatre burst open and the unanounced visitor said "Are you using a radio mic.? Only I'm the bingo caller from over the road and it's braking through my sound system" ...
    Yeah that would make for an interesting bingo game!

    I once had a turntable/AM/FM radio unit I'd bought cheap in a junkstore, thought it was a good bargain at first, but found that it had one flaw. When its power switch was on, it would pick up police-car radio transmissions from cop cars driving past (lots of police traffic on that road, and apparently they had pretty high-powered radios), I could hear every word they were saying for several seconds until their car was out of range of the turntable's inadvertent receiver. I'm guessing that the turntable must have had some unshielded parts or something. I got rid of that turntable and bought a newer one which had no such problems.

    Also had an ultra-cheap wireless doorbell that would occasionally get triggered by CB radio transmissions of log trucks going by. That was back in the days when the local truckdrivers were noted for souping up their CB radios to way-beyond-illegal broadcast levels. That particular doorbell didn't have any way to change its frequency to prevent interference, so we threw it out and bought a different brand, problem solved. Although the new one turned out to not be very weatherproof and failed to function at all after a year or so.

    Yeah I know, these are inadvertent RF interference things, not hacking, but still made for some puzzling results at first.

  16. #11

    Default Re: Hijacking a 'smart' amp during a gig

    Quote Originally Posted by Bertram Henze View Post
    I wouldn't worry about being hacked at the gig. You'll never even arrive, because somebody reprogrammed your autonomous car to take you to some dark neighborhood where they will relieve you of all your pesky heavy equipment...
    Yeah I've read of some of the car-hacking stuff that's possible already. All that 'smart' stuff needs to have security built into it from the start, not tacked on later as an after-thought. But we see how, for instance, computers are, the software makers push out bug-riddled releases just to meet schedule and then they figure they'll fix them later with updates when they get around to it. That trend started at least as far back as the 1990s that I'm aware of, and has gotten a lot worse as the gadgets have gotten more complex.

    Used to be, when you bought something brand new, it was good-to-go for a while and required no further maintenance for at least a few months hopefully. Now, the instant you buy some tech gadget, the very first time you turn it on it already requires a security update. Bah! I mean, it's good that they're fixing flaws, but it would be better if they'd anticipated all the security holes *before* putting the product on the market. We can dream...

    I wonder if those self-tuning guitars are hackable yet... now that could create some concert chaos...

    Hey I know I'm off-topic, it's OK, I'm the OP, off-topic is fine! I know that I always enjoy reading off-topic stuff because I never know what I might learn, that I wouldn't have found out about otherwise.

  17. #12

    Default Re: Hijacking a 'smart' amp during a gig

    Quote Originally Posted by Daniel Nestlerode View Post
    Yes, Ray. They do Bingo in the US. But it's stereo-typically the domain of OAP's. They have no idea how serious people who play bingo here in the UK take their bingo nights. (I have only just learned this myself after having been a resident in the UK since 2012!)

    So a disturbance to a radio mic'd bingo caller will result in a room full of angry people!
    Interesting cultural differences! Thanks Daniel, for the UK perspective, I had no idea!

    I had to look up "OAP" though, my first guess was not quite correct (I'd thought maybe it meant "old angry people") but according to the first Google search result, it's a British term that means "old age pensioner". Ah... I see now. Yeah, commonly true in the U.S., at least that's been my observation as well. Although we're referred to as "seniors" here.

  18. #13
    Registered User
    Join Date
    Jun 2005
    Location
    High Peak - UK
    Posts
    2,152

    Default Re: Hijacking a 'smart' amp during a gig

    Personally, I've always thought of Bingo as a delayed raffle but never played it myself.

  19. #14
    Adrian Minarovic
    Join Date
    Oct 2003
    Location
    Banska Bystrica, Slovakia, Europe
    Posts
    2,074

    Default Re: Hijacking a 'smart' amp during a gig

    We have quite a few new ceiling mounted projectors in the school and whiel they have their own RC, they can also be controlled via bluetooth... sometimes students with their smartphones find out and once in the while screen goes upside down or whatever they find funny....
    Adrian

  20. The following members say thank you to HoGo for this post:

    JL277z 

  21. #15
    but that's just me Bertram Henze's Avatar
    Join Date
    Jun 2005
    Location
    0.8 pc from NGC224, upstairs
    Posts
    9,472

    Default Re: Hijacking a 'smart' amp during a gig

    Quote Originally Posted by JL277z View Post
    ... it would be better if they'd anticipated all the security holes *before* putting the product on the market.
    I have a feeling that this is traceable back to Turing's halting problem and is therefore impossible. There's a barber paradox somewhere in there.
    the world is better off without bad ideas, good ideas are better off without the world

  22. The following members say thank you to Bertram Henze for this post:

    JL277z 

  23. #16

    Default Re: Hijacking a 'smart' amp during a gig

    About software vulnerabilities & tech stuff in general...

    Quote Originally Posted by JL277z View Post
    ... it would be better if they'd anticipated all the security holes *before* putting the product on the market.

    Quote Originally Posted by Bertram Henze View Post
    I have a feeling that this is traceable back to Turing's halting problem and is therefore impossible. There's a barber paradox somewhere in there.
    Ah yes mathematics and logic, believe it or not that was my best & favorite subject in school, a bazillion years ago. I've devolved considerably since then (brain injury, for real) and I remember very little of what I learned in those classes, but I'm still fascinated by it.

    In any case, I probably should've worded that other sentence a little more carefully, as I realize that my use of the word "all" was sloppy writing on my part. It would likely be impossible to "[anticipate] all the security holes" in any product. There are evidently so many variables and unexpected ways that software stuff can interact, with new things being developed all the time (the usual cat & mouse game between developers and black-hats), that predicting all possible outcomes would be an unreasonable expectation.

    So... how about this tentative revised sentence instead:

    "It would be better if developers would at least try a little harder to anticipate the most obvious likely-to-be-exploited potential vulnerabilities in their products, and take measures to protect the product and the customer from undesirable compromises of product functionality, rather than the all-too-frequent situation we see where developers (or their managers) blithely assume that no one would ever bother trying to tamper with the product or interfere with its functionality." Or something like that.

    Switching gears... My previous audio recorder, a Tascam, had some sort of 'smart' features as well - as I vaguely recall it communicated via wi-fi though (might be remembering that wrong) and not bluetooth like the Fender amp, anyway the Tascam was supposed to be controllable via an Android app on my smart phone. Sounded good in theory, and I had no problem setting it up, the two devices were communicating ok. The only problem was, when I enabled the communication on the recorder, it drained the recorder's batteries so fast that it rendered the recorder nearly useless. Seemed like just another instance of poorly-thought-out design, looked good on paper but in the real world there was "one little detail" (battery life) that was kind of a deal-breaker (made the device far less useful than I'd hoped).

    Somehow, oddly, I managed to lose that Tascam (no, not on purpose, I swear!). After a year or so of doing without, I finally bought a Zoom H2n which is what I really wanted in the first place, but was trying to save some $ by buying the cheaper one. Sometimes buying cheaper stuff costs more in the long run.

  24. #17
    Quietly Making Noise Dave Greenspoon's Avatar
    Join Date
    May 2003
    Location
    Leesburg, VA
    Posts
    791

    Default Re: Hijacking a 'smart' amp during a gig

    Can't one rename the connection and add security, like a password, to these amps?
    Axes: Rigel A Natural #1774 w/mods, Andrew Jerman Irwin-style 5 string electric "Stealie", Paul Newson custom blonde SCW "Feivel", Eastman 515, Epi Mandobird IV, Crafter M85E, Grandmom's solid-mahogany teens bent-top, Baglamas 002
    Rigs: Rigel Stealie Amps: Fishman Loudbox 100; Laney Cub 10

  25. #18
    Registered User
    Join Date
    Feb 2017
    Location
    Central PA
    Posts
    88

    Default Re: Hijacking a 'smart' amp during a gig

    Since the appearance of this thread the prankster in me has gone into overdrive. I could actually be talked into buying a few of these amps as gifts for some guitarist/gods I know.
    Being right is overrated. Doing right is what matters.

  26. The Following 2 Users Say Thank You to gspiess For This Useful Post:


  27. #19
    Cambridge Mandolinist Daniel Nestlerode's Avatar
    Join Date
    Mar 2004
    Location
    Cambridgeshire
    Posts
    1,788
    Blog Entries
    81

    Default Re: Hijacking a 'smart' amp during a gig

    Quote Originally Posted by gspiess View Post
    Since the appearance of this thread the prankster in me has gone into overdrive. I could actually be talked into buying a few of these amps as gifts for some guitarist/gods I know.
    wishing there was a LOL! as well as a Thanks.

    D

  28. The following members say thank you to Daniel Nestlerode for this post:

    JL277z 

  29. #20
    Registered User Kevin Stueve's Avatar
    Join Date
    Mar 2015
    Location
    Kansas
    Posts
    369

    Default Re: Hijacking a 'smart' amp during a gig

    Quote Originally Posted by Bertram Henze View Post
    I have a feeling that this is traceable back to Turing's halting problem and is therefore impossible. There's a barber paradox somewhere in there.
    I have a feeling you are right but no desire at this point in my life to construct a formal proof.
    2012 Weber Bitterroot F5.

  30. The following members say thank you to Kevin Stueve for this post:

    JL277z 

  31. #21
    Registered User
    Join Date
    Oct 2008
    Location
    Chicagoland
    Posts
    612

    Default Re: Hijacking a 'smart' amp during a gig

    Quote Originally Posted by Ray(T) View Post
    (Thought - Do our US friends know about Bingo?)
    Oh yeah.

    http://l7.alamy.com/zooms/e6c86d1065...ngo-e03yr5.jpg

  32. The following members say thank you to jesserules for this post:

    JL277z 

  33. #22

    Default Re: Hijacking a 'smart' amp during a gig

    Quote Originally Posted by gspiess View Post
    Since the appearance of this thread the prankster in me has gone into overdrive. I could actually be talked into buying a few of these amps as gifts for some guitarist/gods I know.
    Lol!

    Quote Originally Posted by Dave Greenspoon View Post
    Can't one rename the connection and add security, like a password, to these amps?
    EDIT - correction - please see new info in post below.
    Last edited by JL277z; Mar-08-2018 at 7:32am. Reason: Correction

  34. #23

    Default Re: Hijacking a 'smart' amp during a gig

    I just noticed an update towards the bottom of TheRegister page, how long has that been there? Anyway here's what it says:

    "A spokesman for Fender has finally been in touch to say the Bluetooth-related security issues "were addressed in an update to the amp a few months ago," although you need to install said update to benefit from it.

    "Any new amps should now have the latest software, and as always we recommend that you update your amp to get the latest software, which includes fixes like this," he said. "The software can be easily updated via Wi-Fi, and only takes a few minutes, depending on your internet speed."

    Hmm. So, as long as users update their gear's software promptly - er, sorry please excuse me while I pick myself up off the floor after rolling around laughing for a while - I know so many people who never update anything unless it's mandatory like modern Windows, they just take their new gadgets out of the box and start using it - and what non-techie would ever think that an appliance-like object like an amp would ever need a security update? ... So anyway, Fender is saying to update the thing & problem solved... I guess that's good, then.

    I suppose it's also best to not assume that just because the amp is brand new means it's already updated - could have been sitting in some warehouse for a long time and still have the old software.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •